SOA Fundamental SOA Security - S90.18 Exam Practice Test

Question 1
The application of the Service Abstraction principle can hinder your ability to fully determine
how a service composition is secured because you may not be able to find out how all
composed services are secured.

Correct Answer: A

Question 2
The requirement to defer security related state data at runtime relates directly to the
application of which service-orientation principle?

Correct Answer: C

Question 3
Service A requires self-signed digital certificates from all of its service consumers. The
service and its service consumers both belong to the same organization. You are
presented with a new requirement to only allow access to those service consumers with
certificates that have not expired. How can this requirement be addressed with minimal
impacts on the current security architecture?

Correct Answer: C

Question 4
To provide message confidentiality and message integrity, which of the following patterns
need to be applied?

Correct Answer: B

Question 5
Service A relies on a shared identity store. Service B has its own identity store. Service C
also has its own identity store, but must also access the shared identity store used by
Service A.
Which service has the least reduction in autonomy as a result of its relationship with
identity store mechanism(s)?

Correct Answer: D

Question 6
A project team is planning to create a secure service composition that consists of services
from two different domain service inventories. The security mechanisms for each service
inventory are based on different vendor technologies that adhere to the same industry
standards and the same design standards. What is wrong with this service composition
architecture?

Correct Answer: A

Question 7
Responses issued by Certificate Revocation Lists (CRLs) and Online Certificate Status
Protocol (OCSP) services need to be ___________ and ___________ so that it can be
determined whether these responses were sent by a trusted certificate authority or a
malicious program pretending to be a certificate authority.

Correct Answer: B

Question 8
A service that was previously using a shared identity store is now given its own dedicated
identity store instead. What are the likely impacts (positive or negative) that will result from
this change?

Correct Answer: B, C

Question 9
Which of the following approaches represents a valid means of utilizing generic security
logic?

Correct Answer: D

Question 10
Which of the following are valid reasons for a certificate to be revoked:

Correct Answer: A, B, C